CVE-2023-21954
First published: Mon Apr 17 2023(Updated: )
An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could allow a remote attacker to cause high confidentiality impact.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle GraalVM | =20.3.9 | |
| Oracle GraalVM | =21.3.5 | |
| Oracle GraalVM | =22.3.1 | |
| Oracle JDK | =1.8.0-update361 | |
| Oracle JDK | =11.0.18 | |
| Oracle JDK | =17.0.6 | |
| Oracle JRE | =1.8.0-update361 | |
| Oracle JRE | =11.0.18 | |
| Oracle JRE | =17.0.6 | |
| debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
| debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
| debian/openjdk-20 | 20.0.2+9-1 | |
| debian/openjdk-8 | 8u392-ga-1 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Brocade San Navigator | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Insights Storage Workload Security Agent | ||
| NetApp OnCommand Insight | ||
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| Oracle OpenJDK | <8 | |
| Oracle OpenJDK | >=11<=11.0.18 | |
| Oracle OpenJDK | >=17<=17.0.6 | |
| Oracle OpenJDK | =8 | |
| Oracle OpenJDK | =8-milestone1 | |
| Oracle OpenJDK | =8-milestone2 | |
| Oracle OpenJDK | =8-milestone3 | |
| Oracle OpenJDK | =8-milestone4 | |
| Oracle OpenJDK | =8-milestone5 | |
| Oracle OpenJDK | =8-milestone6 | |
| Oracle OpenJDK | =8-milestone7 | |
| Oracle OpenJDK | =8-milestone8 | |
| Oracle OpenJDK | =8-milestone9 | |
| Oracle OpenJDK | =8-update101 | |
| Oracle OpenJDK | =8-update102 | |
| Oracle OpenJDK | =8-update11 | |
| Oracle OpenJDK | =8-update111 | |
| Oracle OpenJDK | =8-update112 | |
| Oracle OpenJDK | =8-update121 | |
| Oracle OpenJDK | =8-update131 | |
| Oracle OpenJDK | =8-update141 | |
| Oracle OpenJDK | =8-update151 | |
| Oracle OpenJDK | =8-update152 | |
| Oracle OpenJDK | =8-update161 | |
| Oracle OpenJDK | =8-update162 | |
| Oracle OpenJDK | =8-update171 | |
| Oracle OpenJDK | =8-update172 | |
| Oracle OpenJDK | =8-update181 | |
| Oracle OpenJDK | =8-update191 | |
| Oracle OpenJDK | =8-update192 | |
| Oracle OpenJDK | =8-update20 | |
| Oracle OpenJDK | =8-update201 | |
| Oracle OpenJDK | =8-update202 | |
| Oracle OpenJDK | =8-update211 | |
| Oracle OpenJDK | =8-update212 | |
| Oracle OpenJDK | =8-update221 | |
| Oracle OpenJDK | =8-update222 | |
| Oracle OpenJDK | =8-update231 | |
| Oracle OpenJDK | =8-update232 | |
| Oracle OpenJDK | =8-update241 | |
| Oracle OpenJDK | =8-update242 | |
| Oracle OpenJDK | =8-update25 | |
| Oracle OpenJDK | =8-update252 | |
| Oracle OpenJDK | =8-update262 | |
| Oracle OpenJDK | =8-update271 | |
| Oracle OpenJDK | =8-update281 | |
| Oracle OpenJDK | =8-update282 | |
| Oracle OpenJDK | =8-update291 | |
| Oracle OpenJDK | =8-update301 | |
| Oracle OpenJDK | =8-update302 | |
| Oracle OpenJDK | =8-update31 | |
| Oracle OpenJDK | =8-update312 | |
| Oracle OpenJDK | =8-update322 | |
| Oracle OpenJDK | =8-update332 | |
| Oracle OpenJDK | =8-update342 | |
| Oracle OpenJDK | =8-update352 | |
| Oracle OpenJDK | =8-update362 | |
| Oracle OpenJDK | =8-update40 | |
| Oracle OpenJDK | =8-update45 | |
| Oracle OpenJDK | =8-update5 | |
| Oracle OpenJDK | =8-update51 | |
| Oracle OpenJDK | =8-update60 | |
| Oracle OpenJDK | =8-update65 | |
| Oracle OpenJDK | =8-update66 | |
| Oracle OpenJDK | =8-update71 | |
| Oracle OpenJDK | =8-update72 | |
| Oracle OpenJDK | =8-update73 | |
| Oracle OpenJDK | =8-update74 | |
| Oracle OpenJDK | =8-update77 | |
| Oracle OpenJDK | =8-update91 | |
| Oracle OpenJDK | =8-update92 | |
| Oracle OpenJDK | =20 | |
| IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://security-tracker.debian.org/tracker/CVE-2023-21954
- https://github.com/openjdk/jdk8u/commit/1a42e35729d1a0b049a13b762b0cbb4f046081ea
- https://github.com/openjdk/jdk11u/commit/780327d1de4fee3e77c3e48018908bf0c3fcd55a
- https://github.com/openjdk/jdk17u/commit/dfded6daaafb3a517bac6a07bcb4ec40db4a4a2e
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
- https://access.redhat.com/errata/RHSA-2023:1875
- https://access.redhat.com/errata/RHSA-2023:1877
- https://access.redhat.com/errata/RHSA-2023:1878
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1883
- https://access.redhat.com/errata/RHSA-2023:1882
- https://access.redhat.com/errata/RHSA-2023:1885
- https://access.redhat.com/errata/RHSA-2023:1884
- https://access.redhat.com/errata/RHSA-2023:1889
- https://access.redhat.com/errata/RHSA-2023:1890
- https://access.redhat.com/errata/RHSA-2023:1891
- https://access.redhat.com/errata/RHSA-2023:1892
- https://access.redhat.com/errata/RHSA-2023:1895
- https://access.redhat.com/errata/RHSA-2023:1898
- https://access.redhat.com/errata/RHSA-2023:1899
- https://access.redhat.com/errata/RHSA-2023:1900
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1911
- https://access.redhat.com/errata/RHSA-2023:1905
- https://access.redhat.com/errata/RHSA-2023:1906
- https://access.redhat.com/errata/RHSA-2023:1909
- https://access.redhat.com/errata/RHSA-2023:1908
- https://access.redhat.com/errata/RHSA-2023:1910
- https://access.redhat.com/errata/RHSA-2023:1907
- https://access.redhat.com/errata/RHSA-2023:1912
- https://access.redhat.com/errata/RHSA-2023:1903
- https://access.redhat.com/security/cve/cve-2023-21954
- https://bugzilla.redhat.com/show_bug.cgi?id=2187441
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/253166
- https://www.ibm.com/support/pages/node/7049133 (Advisory)
Frequently Asked Questions
What is CVE-2023-21954?
CVE-2023-21954 is a vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products.
Which versions of Oracle Java SE and Oracle GraalVM Enterprise Edition are affected by CVE-2023-21954?
The affected versions are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5, and 22.3.1.
How severe is CVE-2023-21954?
CVE-2023-21954 has a severity value of 5.9, which is classified as medium severity.
How can I fix CVE-2023-21954?
To fix this vulnerability, update Oracle Java SE to versions 11.0.20, 17.0.7, and 20.0.2, or apply the provided patches from the referenced links.
Where can I find more information about CVE-2023-21954?
You can find more information about CVE-2023-21954 at the provided GitHub links.
- collector/nvd-index
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-21954
- agent/severity
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.9
- version/oracle graalvm/21.3.5
- version/oracle graalvm/22.3.1
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update361
- version/oracle jdk/11.0.18
- version/oracle jdk/17.0.6
- canonical/oracle jre
- version/oracle jre/1.8.0-update361
- version/oracle jre/11.0.18
- version/oracle jre/17.0.6
- package-manager/debian
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp brocade san navigator
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud insights storage workload security agent
- canonical/netapp oncommand insight
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- canonical/oracle openjdk
- version/oracle openjdk/11
- version/oracle openjdk/11.0.18
- version/oracle openjdk/17
- version/oracle openjdk/17.0.6
- version/oracle openjdk/8
- version/oracle openjdk/8-milestone1
- version/oracle openjdk/8-milestone2
- version/oracle openjdk/8-milestone3
- version/oracle openjdk/8-milestone4
- version/oracle openjdk/8-milestone5
- version/oracle openjdk/8-milestone6
- version/oracle openjdk/8-milestone7
- version/oracle openjdk/8-milestone8
- version/oracle openjdk/8-milestone9
- version/oracle openjdk/8-update101
- version/oracle openjdk/8-update102
- version/oracle openjdk/8-update11
- version/oracle openjdk/8-update111
- version/oracle openjdk/8-update112
- version/oracle openjdk/8-update121
- version/oracle openjdk/8-update131
- version/oracle openjdk/8-update141
- version/oracle openjdk/8-update151
- version/oracle openjdk/8-update152
- version/oracle openjdk/8-update161
- version/oracle openjdk/8-update162
- version/oracle openjdk/8-update171
- version/oracle openjdk/8-update172
- version/oracle openjdk/8-update181
- version/oracle openjdk/8-update191
- version/oracle openjdk/8-update192
- version/oracle openjdk/8-update20
- version/oracle openjdk/8-update201
- version/oracle openjdk/8-update202
- version/oracle openjdk/8-update211
- version/oracle openjdk/8-update212
- version/oracle openjdk/8-update221
- version/oracle openjdk/8-update222
- version/oracle openjdk/8-update231
- version/oracle openjdk/8-update232
- version/oracle openjdk/8-update241
- version/oracle openjdk/8-update242
- version/oracle openjdk/8-update25
- version/oracle openjdk/8-update252
- version/oracle openjdk/8-update262
- version/oracle openjdk/8-update271
- version/oracle openjdk/8-update281
- version/oracle openjdk/8-update282
- version/oracle openjdk/8-update291
- version/oracle openjdk/8-update301
- version/oracle openjdk/8-update302
- version/oracle openjdk/8-update31
- version/oracle openjdk/8-update312
- version/oracle openjdk/8-update322
- version/oracle openjdk/8-update332
- version/oracle openjdk/8-update342
- version/oracle openjdk/8-update352
- version/oracle openjdk/8-update362
- version/oracle openjdk/8-update40
- version/oracle openjdk/8-update45
- version/oracle openjdk/8-update5
- version/oracle openjdk/8-update51
- version/oracle openjdk/8-update60
- version/oracle openjdk/8-update65
- version/oracle openjdk/8-update66
- version/oracle openjdk/8-update71
- version/oracle openjdk/8-update72
- version/oracle openjdk/8-update73
- version/oracle openjdk/8-update74
- version/oracle openjdk/8-update77
- version/oracle openjdk/8-update91
- version/oracle openjdk/8-update92
- version/oracle openjdk/20
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 - 7.5.0 up6